package org.jboss.seam.security;

import java.io.Serializable;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.enterprise.context.SessionScoped;
import javax.enterprise.context.spi.CreationalContext;
import javax.enterprise.event.Observes;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.inject.Named;
import org.jboss.logging.Logger;
import org.jboss.seam.security.Authenticator;
import org.jboss.seam.security.events.AlreadyLoggedInEvent;
import org.jboss.seam.security.events.DeferredAuthenticationEvent;
import org.jboss.seam.security.events.LoggedInEvent;
import org.jboss.seam.security.events.LoginFailedEvent;
import org.jboss.seam.security.events.NotAuthorizedEvent;
import org.jboss.seam.security.events.NotLoggedInEvent;
import org.jboss.seam.security.events.PostAuthenticateEvent;
import org.jboss.seam.security.events.PostLoggedOutEvent;
import org.jboss.seam.security.events.PreAuthenticateEvent;
import org.jboss.seam.security.events.PreLoggedOutEvent;
import org.jboss.seam.security.events.QuietLoginEvent;
import org.jboss.seam.security.jaas.JaasAuthenticator;
import org.jboss.seam.security.management.IdmAuthenticator;
import org.jboss.seam.security.permission.PermissionMapper;
import org.jboss.seam.security.util.Strings;
import org.jboss.seam.solder.beanManager.BeanManagerLocator;
import org.jboss.seam.solder.literal.NamedLiteral;
import org.picketlink.idm.api.Group;
import org.picketlink.idm.api.Role;
import org.picketlink.idm.api.User;
import org.picketlink.idm.impl.api.model.SimpleGroup;
import org.picketlink.idm.impl.api.model.SimpleRole;
import org.picketlink.idm.impl.api.model.SimpleRoleType;

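/**
 * Session-scoped {@link Identity} implementation, as decompiled from
 * seam-security-impl-3.0.0.Final (parameter names such as {@code str}/{@code str2} are
 * decompiler-generated; their meaning is given in each method's {@code @param} tags).
 *
 * <p>The bean holds the authenticated {@link User} together with the roles and groups that are
 * active for the session. Roles and groups added while nobody is logged in are parked in the
 * {@code preAuthentication*} maps and only become active once {@link #postAuthenticate()} sees an
 * authenticator that reports success.
 *
 * <p>Points a reviewer of calling code should keep in mind:
 * <ul>
 *   <li>{@link #securityEnabled} is a static switch shared by every instance. While it is
 *       {@code false}, {@link #hasRole} and {@link #hasPermission} return {@code true} for every
 *       caller.</li>
 *   <li>{@link #runAs} replaces the {@code user} field of this shared session bean for the
 *       duration of the operation, whereas the system-operation flag is per thread.</li>
 *   <li>{@link #inGroup} looks only at the active groups; unlike {@link #hasRole} it neither
 *       honours {@link #securityEnabled} or the system-operation flag nor attempts a login.</li>
 *   <li>{@link #checkRestriction} has an empty body and therefore enforces nothing.</li>
 * </ul>
 */
@SessionScoped
@Named("identity")
/* loaded from: input_file:WEB-INF/lib/seam-security-impl-3.0.0.Final.jar:org/jboss/seam/security/IdentityImpl.class */
public class IdentityImpl implements Identity, Serializable {
    private static final long serialVersionUID = 3751659008033189259L;

    // Static kill switch for role and permission checks; see setSecurityEnabled.
    protected static boolean securityEnabled = true;

    private static final Logger log = Logger.getLogger(IdentityImpl.class);

    @Inject
    BeanManager beanManager;

    @Inject
    private Credentials credentials;

    @Inject
    private PermissionMapper permissionMapper;

    @Inject
    Instance<RequestSecurityState> requestSecurityState;

    @Inject
    @Any
    Instance<Authenticator> authenticators;

    // Authenticator chosen by the most recent authenticate() call; postAuthenticate() reads it.
    private Authenticator activeAuthenticator;

    // Non-null exactly when somebody is logged in (see isLoggedIn).
    private User user;

    private Class<Authenticator> authenticatorClass;
    private String authenticatorName;

    // Per-thread "system operation" flag, created lazily by runAs. Transient, so it is null
    // after deserialization; every reader below checks for null first.
    private transient ThreadLocal<Boolean> systemOp;

    // group name -> group type -> role type names, collected while nobody is logged in.
    private Map<String, Map<String, List<String>>> preAuthenticationRoles = new HashMap<>();
    private Set<Role> activeRoles = new HashSet<>();

    // group name -> group types, collected while nobody is logged in.
    private Map<String, List<String>> preAuthenticationGroups = new HashMap<>();
    private Set<Group> activeGroups = new HashSet<>();

    // True while an authentication attempt is in flight; guards against re-entrant attempts.
    private boolean authenticating = false;

    /**
     * Reports whether role and permission checks are enforced.
     *
     * @return the current value of the static switch
     */
    public static boolean isSecurityEnabled() {
        return securityEnabled;
    }

    /**
     * Turns role and permission enforcement on or off for every instance of this class.
     *
     * <p>With {@code false}, {@link #hasRole} and {@link #hasPermission} return {@code true}
     * unconditionally, so any code path that can reach this setter can disable authorization
     * for all sessions. The field is static and is not synchronized or volatile.
     *
     * @param z {@code true} to enforce checks, {@code false} to bypass them
     */
    public static void setSecurityEnabled(boolean z) {
        securityEnabled = z;
    }

    /**
     * @return {@code true} when a user has been established for this session
     */
    @Override // org.jboss.seam.security.Identity
    public boolean isLoggedIn() {
        return this.user != null;
    }

    /**
     * @return the authenticator type configured via {@link #setAuthenticatorClass}, or {@code null}
     */
    @Override // org.jboss.seam.security.Identity
    public Class<Authenticator> getAuthenticatorClass() {
        return this.authenticatorClass;
    }

    /**
     * Selects the authenticator by type; takes precedence over the name in
     * {@link #lookupAuthenticator()}.
     *
     * @param cls authenticator type to use, or {@code null} to fall back to name/auto lookup
     */
    @Override // org.jboss.seam.security.Identity
    public void setAuthenticatorClass(Class<Authenticator> cls) {
        this.authenticatorClass = cls;
    }

    /**
     * @return the authenticator bean name configured via {@link #setAuthenticatorName}, or {@code null}
     */
    @Override // org.jboss.seam.security.Identity
    public String getAuthenticatorName() {
        return this.authenticatorName;
    }

    /**
     * Selects the authenticator by its {@code @Named} value; used only when no authenticator
     * class is configured.
     *
     * @param str bean name of the authenticator
     */
    @Override // org.jboss.seam.security.Identity
    public void setAuthenticatorName(String str) {
        this.authenticatorName = str;
    }

    /**
     * Attempts a quiet login at most once per request, and only when no authentication is in
     * progress, nobody is logged in and credentials are set.
     *
     * @return whether a user is logged in after the attempt
     */
    @Override // org.jboss.seam.security.Identity
    public boolean tryLogin() {
        if (!this.authenticating && getUser() == null && this.credentials.isSet()) {
            RequestSecurityState state = this.requestSecurityState.get();
            if (!state.isLoginTried()) {
                // Mark first so that checks triggered during quietLogin() do not recurse.
                state.setLoginTried(true);
                quietLogin();
            }
        }
        return isLoggedIn();
    }

    /**
     * Performs an explicit login and fires the matching event.
     *
     * <p>Every exception, including unchecked ones raised by the authenticator, is caught here,
     * logged, reported through a {@link LoginFailedEvent} and turned into
     * {@link Identity#RESPONSE_LOGIN_EXCEPTION}; callers only ever see one of the three
     * response constants.
     *
     * @return {@link Identity#RESPONSE_LOGIN_SUCCESS}, {@link Identity#RESPONSE_LOGIN_FAILED} or
     *         {@link Identity#RESPONSE_LOGIN_EXCEPTION}
     */
    @Override // org.jboss.seam.security.Identity
    public String login() {
        try {
            if (isLoggedIn()) {
                // A quiet login earlier in this request is reported as a fresh login;
                // otherwise observers are told the user was already logged in.
                if (this.requestSecurityState.get().isSilentLogin()) {
                    this.beanManager.fireEvent(new LoggedInEvent(this.user));
                } else {
                    this.beanManager.fireEvent(new AlreadyLoggedInEvent());
                }
                return Identity.RESPONSE_LOGIN_SUCCESS;
            }
            if (!authenticate()) {
                this.beanManager.fireEvent(new LoginFailedEvent(null));
                return Identity.RESPONSE_LOGIN_FAILED;
            }
            log.debug("Login successful");
            this.beanManager.fireEvent(new LoggedInEvent(this.user));
            return Identity.RESPONSE_LOGIN_SUCCESS;
        } catch (Exception e) {
            log.error("Login failed", e);
            this.beanManager.fireEvent(new LoginFailedEvent(e));
            return Identity.RESPONSE_LOGIN_EXCEPTION;
        }
    }

    /**
     * Authenticates with the credentials already held, without firing login success or failure
     * events. On any exception the credentials are invalidated so the attempt is not repeated
     * with the same values.
     */
    @Override // org.jboss.seam.security.Identity
    public void quietLogin() {
        try {
            this.beanManager.fireEvent(new QuietLoginEvent());
            if (!isLoggedIn() && this.credentials.isSet()) {
                authenticate();
                if (isLoggedIn()) {
                    // Lets a later login() in the same request fire LoggedInEvent.
                    this.requestSecurityState.get().setSilentLogin(true);
                }
            }
        } catch (Exception e) {
            log.error("Error authenticating", e);
            this.credentials.invalidate();
        }
    }

    /**
     * Runs one authentication attempt against the authenticator chosen by
     * {@link #lookupAuthenticator()}.
     *
     * @return {@code true} only when the authenticator reports {@code SUCCESS}
     * @throws AuthenticationException when no authenticator can be located or it returns no status
     * @throws IllegalStateException when an attempt is already in progress
     * @throws RuntimeException wrapping any other exception raised during the attempt
     */
    protected boolean authenticate() throws AuthenticationException {
        if (this.authenticating) {
            this.authenticating = false;
            throw new IllegalStateException("Authentication already in progress.");
        }
        try {
            this.authenticating = true;
            // Drop any previous user before the attempt so a failure cannot leave it in place.
            this.user = null;
            preAuthenticate();
            this.activeAuthenticator = lookupAuthenticator();
            if (this.activeAuthenticator == null) {
                throw new AuthenticationException("An Authenticator could not be located");
            }
            this.activeAuthenticator.authenticate();
            Authenticator.AuthenticationStatus status = this.activeAuthenticator.getStatus();
            if (status == null) {
                throw new AuthenticationException("Authenticator must return a valid authentication status");
            }
            switch (status) {
                case SUCCESS:
                    postAuthenticate();
                    return true;
                case FAILURE:
                    this.authenticating = false;
                    return false;
                default:
                    // Any other status leaves the in-progress flag set; it is cleared by
                    // postAuthenticate(), which deferredAuthenticationObserver invokes.
                    return false;
            }
        } catch (AuthenticationException e) {
            this.authenticating = false;
            throw e;
        } catch (Exception e) {
            this.authenticating = false;
            throw new RuntimeException(e);
        }
    }

    /**
     * Resets the pending (pre-authentication) roles and groups and announces the attempt.
     *
     * <p>Both pending maps are cleared: anything left over from an earlier attempt that did not
     * complete must not be granted to whoever authenticates next in this session.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void preAuthenticate() {
        this.preAuthenticationRoles.clear();
        this.preAuthenticationGroups.clear();
        this.beanManager.fireEvent(new PreAuthenticateEvent());
    }

    /**
     * Completes an authentication whose result arrives later, by running
     * {@link #postAuthenticate()} against the authenticator of the last attempt.
     *
     * @param deferredAuthenticationEvent the observed event; its content is not read here
     */
    protected void deferredAuthenticationObserver(@Observes DeferredAuthenticationEvent deferredAuthenticationEvent) {
        postAuthenticate();
    }

    /**
     * Finishes an attempt: on success adopts the authenticator's user and activates the pending
     * roles and groups. The credential is nulled and the in-progress flag cleared on every exit
     * path, successful or not.
     *
     * @throws IllegalStateException when no authenticator is active
     * @throws AuthenticationException when a successful authenticator supplies no user
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void postAuthenticate() {
        if (this.activeAuthenticator == null) {
            throw new IllegalStateException("activeAuthenticator is null");
        }
        try {
            this.activeAuthenticator.postAuthenticate();
            // Constant-first comparison: a missing status counts as "not successful".
            if (!Authenticator.AuthenticationStatus.SUCCESS.equals(this.activeAuthenticator.getStatus())) {
                return;
            }
            this.user = this.activeAuthenticator.getUser();
            if (this.user == null) {
                throw new AuthenticationException("Authenticator must provide a non-null User after successful authentication");
            }
            if (isLoggedIn()) {
                activatePendingRoles();
                activatePendingGroups();
            }
            this.beanManager.fireEvent(new PostAuthenticateEvent());
        } finally {
            // Never keep the secret or the in-progress flag beyond the attempt.
            this.credentials.setCredential(null);
            this.authenticating = false;
        }
    }

    /** Moves roles collected before login into the active set, then empties the pending map. */
    private void activatePendingRoles() {
        if (this.preAuthenticationRoles.isEmpty()) {
            return;
        }
        for (Map.Entry<String, Map<String, List<String>>> byGroup : this.preAuthenticationRoles.entrySet()) {
            for (Map.Entry<String, List<String>> byGroupType : byGroup.getValue().entrySet()) {
                for (String roleType : byGroupType.getValue()) {
                    addRole(roleType, byGroup.getKey(), byGroupType.getKey());
                }
            }
        }
        this.preAuthenticationRoles.clear();
    }

    /** Moves groups collected before login into the active set, then empties the pending map. */
    private void activatePendingGroups() {
        if (this.preAuthenticationGroups.isEmpty()) {
            return;
        }
        for (Map.Entry<String, List<String>> byGroup : this.preAuthenticationGroups.entrySet()) {
            for (String groupType : byGroup.getValue()) {
                this.activeGroups.add(new SimpleGroup(byGroup.getKey(), groupType));
            }
        }
        this.preAuthenticationGroups.clear();
    }

    /**
     * Chooses the authenticator for the next attempt: by configured class, else by configured
     * name, else by scanning all {@link Authenticator} beans.
     *
     * <p>In the scan, the first bean that is neither a {@link JaasAuthenticator}, an
     * {@link IdmAuthenticator} nor from the {@code org.jboss.seam.security.external.} package
     * wins; if there is none, the last {@link IdmAuthenticator} seen is used.
     *
     * @return the authenticator, or {@code null} when none qualifies or the name is ambiguous
     *         or unknown
     * @throws AuthenticationException declared by the original signature; not thrown directly here
     */
    protected Authenticator lookupAuthenticator() throws AuthenticationException {
        if (this.authenticatorClass != null) {
            return this.authenticators.select(this.authenticatorClass).get();
        }
        if (!Strings.isEmpty(this.authenticatorName)) {
            Instance<Authenticator> named =
                    this.authenticators.select(new Annotation[] {new NamedLiteral(this.authenticatorName)});
            if (named.isAmbiguous()) {
                log.error("Multiple Authenticators found with configured name [" + this.authenticatorName + "]");
                return null;
            }
            if (!named.isUnsatisfied()) {
                return named.get();
            }
            log.error("No authenticator with name [" + this.authenticatorName + "] was found");
            return null;
        }
        Authenticator fallback = null;
        for (Authenticator candidate : getReferences(new BeanManagerLocator().getBeanManager(), Authenticator.class)) {
            Class<?> type = candidate.getClass();
            boolean idm = IdmAuthenticator.class.isAssignableFrom(type);
            boolean bundled = idm
                    || JaasAuthenticator.class.isAssignableFrom(type)
                    || type.getName().startsWith("org.jboss.seam.security.external.");
            if (!bundled) {
                return candidate;
            }
            if (idm) {
                fallback = candidate;
            }
        }
        return fallback;
    }

    /**
     * Resolves contextual references for every bean of the given type and qualifiers.
     *
     * @param beanManager manager used for the lookup
     * @param cls bean type to resolve
     * @param annotationArr required qualifiers, possibly none
     * @return the references in the iteration order of the bean set; empty when no bean matches
     */
    private <T> Set<T> getReferences(BeanManager beanManager, Class<T> cls, Annotation... annotationArr) {
        Set<Bean<?>> beans = beanManager.getBeans(cls, annotationArr);
        if (beans.isEmpty()) {
            return Collections.emptySet();
        }
        Set<T> references = new LinkedHashSet<>();
        for (Bean<?> bean : beans) {
            // NOTE(review): the creational contexts obtained here are not released in this method.
            CreationalContext<?> context = beanManager.createCreationalContext(bean);
            if (context != null) {
                @SuppressWarnings("unchecked") // getReference was asked for type cls
                T reference = (T) beanManager.getReference(bean, cls, context);
                references.add(reference);
            }
        }
        return references;
    }

    /**
     * Clears the user, the credentials and all active and pending roles and groups.
     *
     * <p>NOTE(review): {@code activeAuthenticator} and the in-progress flag are left as they
     * are, so a later {@link #postAuthenticate()} still consults the previous authenticator -
     * confirm that its status cannot still read as successful after logout.
     */
    public void unAuthenticate() {
        this.user = null;
        this.credentials.clear();
        this.preAuthenticationRoles.clear();
        this.activeRoles.clear();
        this.preAuthenticationGroups.clear();
        this.activeGroups.clear();
    }

    /**
     * Logs the current user out, firing {@link PreLoggedOutEvent} before and
     * {@link PostLoggedOutEvent} after the state is cleared. Does nothing when nobody is
     * logged in.
     */
    @Override // org.jboss.seam.security.Identity
    public void logout() {
        if (isLoggedIn()) {
            // Capture the user first; unAuthenticate() nulls the field.
            PostLoggedOutEvent postLoggedOutEvent = new PostLoggedOutEvent(this.user);
            this.beanManager.fireEvent(new PreLoggedOutEvent());
            unAuthenticate();
            this.beanManager.fireEvent(postLoggedOutEvent);
        }
    }

    /** @return whether the calling thread is inside a {@link #runAs} system operation */
    private boolean isSystemOperationActive() {
        return this.systemOp != null && Boolean.TRUE.equals(this.systemOp.get());
    }

    /**
     * Tests for an active role, attempting a quiet login first.
     *
     * <p>Returns {@code true} without looking at the roles when security is disabled or the
     * calling thread is inside a system operation.
     *
     * @param str role type name
     * @param str2 group name
     * @param str3 group type
     * @return whether the check passes
     */
    @Override // org.jboss.seam.security.Identity
    public boolean hasRole(String str, String str2, String str3) {
        if (!securityEnabled || isSystemOperationActive()) {
            return true;
        }
        tryLogin();
        for (Role role : this.activeRoles) {
            if (role.getRoleType().getName().equals(str)
                    && role.getGroup().getName().equals(str2)
                    && role.getGroup().getGroupType().equals(str3)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Grants a role. When logged in it becomes active at once; otherwise it is queued until a
     * successful authentication.
     *
     * @param str role type name
     * @param str2 group name
     * @param str3 group type
     * @return {@code false} when any argument is {@code null} or empty, otherwise the result of
     *         the underlying collection add
     */
    @Override // org.jboss.seam.security.Identity
    public boolean addRole(String str, String str2, String str3) {
        if (str == null || "".equals(str) || str2 == null || "".equals(str2) || str3 == null || "".equals(str3)) {
            return false;
        }
        if (isLoggedIn()) {
            return this.activeRoles.add(new SimpleRole(new SimpleRoleType(str), this.user, new SimpleGroup(str2, str3)));
        }
        Map<String, List<String>> byGroupType = this.preAuthenticationRoles.get(str2);
        if (byGroupType == null) {
            byGroupType = new HashMap<>();
            this.preAuthenticationRoles.put(str2, byGroupType);
        }
        List<String> roleTypes = byGroupType.get(str3);
        if (roleTypes == null) {
            roleTypes = new ArrayList<>();
            byGroupType.put(str3, roleTypes);
        }
        return roleTypes.add(str);
    }

    /**
     * Tests membership in an active group. No login is attempted, and neither
     * {@link #securityEnabled} nor the system-operation flag is consulted.
     *
     * @param str group name
     * @param str2 group type
     * @return whether a matching group is active
     */
    @Override // org.jboss.seam.security.Identity
    public boolean inGroup(String str, String str2) {
        for (Group group : this.activeGroups) {
            if (group.getName().equals(str) && group.getGroupType().equals(str2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds a group membership. When logged in it becomes active at once; otherwise it is
     * queued until a successful authentication.
     *
     * @param str group name
     * @param str2 group type
     * @return {@code false} when either argument is {@code null} or empty, otherwise the result
     *         of the underlying collection add
     */
    @Override // org.jboss.seam.security.Identity
    public boolean addGroup(String str, String str2) {
        if (str == null || "".equals(str) || str2 == null || "".equals(str2)) {
            return false;
        }
        if (isLoggedIn()) {
            return this.activeGroups.add(new SimpleGroup(str, str2));
        }
        List<String> groupTypes = this.preAuthenticationGroups.get(str);
        if (groupTypes == null) {
            groupTypes = new ArrayList<>();
            this.preAuthenticationGroups.put(str, groupTypes);
        }
        return groupTypes.add(str2);
    }

    /**
     * Removes the first active group matching the name and type, if any.
     *
     * @param str group name
     * @param str2 group type
     */
    @Override // org.jboss.seam.security.Identity
    public void removeGroup(String str, String str2) {
        Iterator<Group> groups = this.activeGroups.iterator();
        while (groups.hasNext()) {
            Group group = groups.next();
            if (group.getName().equals(str) && group.getGroupType().equals(str2)) {
                // Remove through the iterator so the set is never modified behind its back.
                groups.remove();
                return;
            }
        }
    }

    /**
     * Removes the first active role matching the role type, group name and group type, if any.
     *
     * @param str role type name
     * @param str2 group name
     * @param str3 group type
     */
    @Override // org.jboss.seam.security.Identity
    public void removeRole(String str, String str2, String str3) {
        Iterator<Role> roles = this.activeRoles.iterator();
        while (roles.hasNext()) {
            Role role = roles.next();
            if (role.getRoleType().getName().equals(str)
                    && role.getGroup().getName().equals(str2)
                    && role.getGroup().getGroupType().equals(str3)) {
                roles.remove();
                return;
            }
        }
    }

    /**
     * Enforces a role, firing an event and throwing when it is missing.
     *
     * @param str role type name
     * @param str2 group name
     * @param str3 group type
     * @throws AuthorizationException when a user is logged in but lacks the role
     * @throws NotLoggedInException when nobody is logged in
     */
    @Override // org.jboss.seam.security.Identity
    public void checkRole(String str, String str2, String str3) {
        tryLogin();
        if (hasRole(str, str2, str3)) {
            return;
        }
        if (isLoggedIn()) {
            this.beanManager.fireEvent(new NotAuthorizedEvent());
            throw new AuthorizationException(String.format("Authorization check failed for role [%s:%s:%s]", str, str2, str3));
        }
        this.beanManager.fireEvent(new NotLoggedInEvent());
        throw new NotLoggedInException();
    }

    /**
     * Enforces a group membership, firing an event and throwing when it is missing.
     *
     * @param str group name
     * @param str2 group type
     * @throws AuthorizationException when a user is logged in but is not in the group
     * @throws NotLoggedInException when nobody is logged in
     */
    @Override // org.jboss.seam.security.Identity
    public void checkGroup(String str, String str2) {
        tryLogin();
        if (inGroup(str, str2)) {
            return;
        }
        if (isLoggedIn()) {
            this.beanManager.fireEvent(new NotAuthorizedEvent());
            throw new AuthorizationException(String.format("Authorization check failed for group [%s:%s]", str, str2));
        }
        this.beanManager.fireEvent(new NotLoggedInEvent());
        throw new NotLoggedInException();
    }

    /**
     * Enforces a permission on a target object; skipped entirely inside a system operation.
     *
     * <p>The failure message embeds {@code obj.toString()}, so it should not be shown to end
     * users when the target's string form can contain sensitive data.
     *
     * @param obj target of the permission check
     * @param str action being requested
     * @throws AuthorizationException when a user is logged in but lacks the permission
     * @throws NotLoggedInException when nobody is logged in
     */
    @Override // org.jboss.seam.security.Identity
    public void checkPermission(Object obj, String str) {
        if (isSystemOperationActive()) {
            return;
        }
        tryLogin();
        if (hasPermission(obj, str)) {
            return;
        }
        if (isLoggedIn()) {
            this.beanManager.fireEvent(new NotAuthorizedEvent());
            throw new AuthorizationException(String.format("Authorization check failed for permission[%s,%s]", obj, str));
        }
        this.beanManager.fireEvent(new NotLoggedInEvent());
        throw new NotLoggedInException();
    }

    /**
     * Delegates to the permission mapper to filter the collection for the given action.
     *
     * @param collection collection handed to the mapper
     * @param str action name
     */
    @Override // org.jboss.seam.security.Identity
    public void filterByPermission(Collection<?> collection, String str) {
        this.permissionMapper.filterByPermission(collection, str);
    }

    /**
     * Tests a permission without throwing.
     *
     * <p>Returns {@code true} when security is disabled or the calling thread is inside a system
     * operation; returns {@code false} when there is no permission mapper or no target.
     *
     * @param obj target of the permission check
     * @param str action being requested
     * @return whether the check passes
     */
    @Override // org.jboss.seam.security.Identity
    public boolean hasPermission(Object obj, String str) {
        if (!securityEnabled || isSystemOperationActive()) {
            return true;
        }
        if (this.permissionMapper == null || obj == null) {
            // Deny by default when there is nothing to evaluate against.
            return false;
        }
        return this.permissionMapper.resolvePermission(obj, str);
    }

    /**
     * Executes an operation as the operation's user, optionally as a system operation, and
     * restores the previous user and flag afterwards even when the operation throws.
     *
     * <p>The user swap is written to this session bean's {@code user} field, so it is visible to
     * any other thread using the same bean while the operation runs; only the system-operation
     * flag is confined to the calling thread.
     *
     * @param runAsOperation operation supplying the user, the system-operation flag and the work
     */
    public synchronized void runAs(RunAsOperation runAsOperation) {
        User previousUser = getUser();
        if (this.systemOp == null) {
            this.systemOp = new ThreadLocal<>();
        }
        // A thread that never ran an operation has no value yet; treat that as "not system"
        // instead of unboxing null.
        boolean previousSystemOp = Boolean.TRUE.equals(this.systemOp.get());
        try {
            this.user = runAsOperation.getUser();
            this.systemOp.set(runAsOperation.isSystemOperation());
            runAsOperation.execute();
        } finally {
            this.systemOp.set(previousSystemOp);
            this.user = previousUser;
        }
    }

    /**
     * No-op in this implementation: the expression is not evaluated and nothing is enforced,
     * so callers must not rely on it as an access check.
     *
     * @param str restriction expression (ignored)
     */
    @Override // org.jboss.seam.security.Identity
    public void checkRestriction(String str) {
    }

    /**
     * @return the logged-in user, or {@code null} when nobody is logged in
     */
    @Override // org.jboss.seam.security.Identity
    public User getUser() {
        return this.user;
    }

    /**
     * @return a read-only view of the active roles
     */
    @Override // org.jboss.seam.security.Identity
    public Set<Role> getRoles() {
        return Collections.unmodifiableSet(this.activeRoles);
    }

    /**
     * @return a read-only view of the active groups
     */
    @Override // org.jboss.seam.security.Identity
    public Set<Group> getGroups() {
        return Collections.unmodifiableSet(this.activeGroups);
    }

    /**
     * @return always {@code false} in this implementation
     */
    @Override // org.jboss.seam.security.Identity
    public boolean isVerified() {
        return false;
    }
}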
